howtodumb Posted August 18, 2012 ID:586839
I'm not sure how it got here, but it's here... to stay it seems. Reinstalled itself after I uninstalled. Anyway I've downloaded combofix and it's not on my desktop. What's the next step? Any help would be GREATLY appreciated. I just want this tool bar gone.
howtodumb Posted August 18, 2012 Author ID:586840
Sorry for the double post but here is the ComboFix log.
TheDarkKnight Posted August 18, 2012 ID:586843
I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear.

> Sorry for the double post but here is the ComboFix log.

Please do not run ComboFix without the supervision of a helper, such as myself, as it is a very powerful tool and using it incorrectly can cause damage to your computer. Please keep this in mind.

You have Conduit installed. This program has been known to exhibit suspicious behaviour (please see here for more information). I recommend removing Conduit.

You can do this by going to Start>Control Panel>Programs and Features>Programs and uninstalling the following (if present):
Conduit
Conduit Engine
Conduit Motor
WhiteSmoke

Please restart your computer after these program removals.

==========

Next, please download to your Desktop SystemLook by jpshortstuff from here.
Double-click SystemLook.exe and copy and paste the content of the following codebox (starting with :filefind) into the main textfield and click the Look button to start the scan:

:filefind
*WhiteSmoke*
:folderfind
*WhiteSmoke*
:regfind
WhiteSmoke

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt.
howtodumb Posted August 18, 2012 Author ID:586871
SystemLook 30.07.11 by jpshortstuff
Log created at 03:33 on 18/08/2012 by Compbro
Administrator - Elevation successful

========== filefind ==========

Searching for "*WhiteSmoke*"
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage --a---- 3072 bytes [19:56 17/08/2012] [19:56 17/08/2012] CEAC9CFA4B7BAA5DC331972C3081A832
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage-journal --a---- 3608 bytes [19:56 17/08/2012] [19:56 17/08/2012] 1D4B95391958ADFFB2D7C59BEF525B46
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage --a---- 3072 bytes [19:43 17/08/2012] [03:18 18/08/2012] 350B9721E7F97ABC556E9586939BA3CB
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage-journal --a---- 3608 bytes [19:43 17/08/2012] [03:18 18/08/2012] DF035E24DEF02A5CADF7635EBF05AD2B
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage --a---- 3072 bytes [19:55 17/08/2012] [03:25 18/08/2012] 350B9721E7F97ABC556E9586939BA3CB
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage-journal --a---- 3608 bytes [19:55 17/08/2012] [03:25 18/08/2012] A474C5DDEF50A0A12E4828B3AF733D6E

========== folderfind ==========

Searching for "*WhiteSmoke*"
No folders found.

========== regfind ==========

Searching for
"WhiteSmoke"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]
[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]
rmissions%22%3A%7B%22crossDomainAjax%22%3Afalse%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Afalse%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%2212989572540232[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]"gadgetsContextHash_129895725403414096___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%22129895725403414096%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Afalse%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Afalse%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%2212989572540341[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]"gadgetsContextHash_129895725403726597___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%22129895725403726597%22
%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%221298957254037265[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]"gadgetsContextHash_1000082___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%221000082%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%221000082%22%2C%22tabInfo%22%3A%7B%7D%7D%2C%22viewId%22%3A%220.30513234599493444%22%7D"[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]"gadgetsContextHash_129895725405445339___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%22129895725405445339%22%2C%22context%22%3A%22
embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%221298957254054453[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]"gadgetsContextHash_4925864906806966160___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%224925864906806966160%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%224925864906806[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]"CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName"="%7B%22dataType%22%3A%22stri
ng%22%2C%22data%22%3A%22WhiteSmoke_US_New%22%7D"[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]"CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%7D"[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]"gadgetsContextHash_92dad837-b406-451b-9bd8-b8ba1103fed1___kfkcangbigakljkjeglcofaomihpejif"="%7B%22position%22%3A%7B%22left%22%3A2%2C%22top%22%3A33%2C%22right%22%3A46%2C%22isAbsolute%22%3Atrue%7D%2C%22buttonWidth%22%3A42%2C%22appId%22%3A%22129496561699250735%22%2C%22viewId%22%3A%220.32803047890774906%22%2C%22loggerData%22%3A%7B%22from%22%3A%22menu%22%2C%22action%22%3A%22menu%22%2C%22startTime%22%3A1345260323581%2C%22isApi%22%3Afalse%2C%22isWithState%22%3Atrue%7D%2C%22menuId%22%3A1%2C%22isMenu%22%3Atrue%2C%22flowid%22%3A%220.17985008819960058%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%-= EOF =- Link to post Share on other sites More sharing options...
TheDarkKnight Posted August 18, 2012 ID:586874

Howdy howtodumb. It would appear Conduit is linked to WhiteSmoke in this instance, so please make sure you have uninstalled Conduit as per my previous post before proceeding.

Please follow these instructions to remove the remaining malicious entries:

Please close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open Notepad and copy/paste the text in the quotebox below into it:

Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

killall::

File::
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage-journal
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage-journal
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage-journal

Registry::
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit]

Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt.
Please post the ComboFix.txt in your next reply and let me know if WhiteSmoke is still present.
howtodumb Posted August 18, 2012 Author ID:586885

I can't find Conduit in my Uninstall screen unfortunately. But I did find its folder and deleted it. The script you posted seemed to have worked... that it until I opened my browser. Looks like the toolbar installed itself yet again. Gave me the welcome screen and everything. Nonetheless, here is the log.
howtodumb Posted August 18, 2012 Author ID:586886
You'll have to excuse my grammar and usage mistakes. It's the early morning and I haven't slept.
TheDarkKnight Posted August 18, 2012 ID:586924
Hello howtodumb. Please follow these instructions to remove the remaining malicious entries:

Please close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Open Notepad and copy/paste the text in the quotebox below into it:
Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149

Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt.
Please post the ComboFix.txt in your next reply.

Then, please download OTL.exe by OldTimer to your Desktop.
Close all windows and double click OTL.exe.
In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
You may need to use two posts to get it all.

==========
Please provide in your reply:
ComboFix.txt.
OTL.txt.
Extras.txt.
Is WhiteSmoke still present?
howtodumb Posted August 18, 2012 Author ID:587129
Alright so I ran OTL and ComboFix with that script. WhiteSmoke still present unfortunately. Here are the logs. ComboFix first then OTL.
howtodumb Posted August 18, 2012 Author ID:587131
OTL logfile created on: 8/18/2012 4:46:55 PM - Run 1
OTL by OldTimer - Version 3.2.58.0
= 192.168.1.1 68.238.96.12O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E3DEBA7-42A7-422E-B07A-AD7D7C03EE70}: DhcpNameServer = 192.168.1.1 68.238.96.12O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm 
(Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)CREATERESTOREPOINTRestore point Set: OTL Restore Point========== Files/Folders - Created Within 30 Days ==========[2012/08/18 16:46:12 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\Compbro\Desktop\OTL.exe[2012/08/18 16:44:54 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/08/18 04:57:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/08/18 04:57:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/08/18 04:57:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/08/18 04:56:58 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/08/17 23:06:21 | 004,735,580 | R--- | C] (Swearware) -- C:\Users\Compbro\Desktop\ComboFix.exe[2012/08/17 22:37:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2012/08/17 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group[2012/08/17 22:20:21 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller[2012/08/17 15:01:43 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\Seagate[2012/08/17 15:01:43 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Seagate[2012/08/17 15:01:16 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seagate File Recovery for Windows[2012/08/17 15:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate File Recovery for Windows[2012/08/17 15:01:16 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\R-TT[2012/08/17 14:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate[2012/08/17 14:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard[2012/08/16 18:00:35 | 000,231,936 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\url.dll[2012/08/16 18:00:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2012/08/16 18:00:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2012/08/16 18:00:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll[2012/08/16 18:00:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2012/08/16 18:00:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2012/08/16 18:00:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl[2012/08/16 18:00:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2012/08/16 18:00:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2012/08/16 18:00:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe[2012/08/16 18:00:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2012/08/16 18:00:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2012/08/16 18:00:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2012/08/16 17:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Picasa3[2012/08/16 17:38:36 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\CRE[2012/08/16 17:38:27 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Conduit[2012/08/16 11:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3[2012/08/16 11:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google[2012/08/16 11:38:11 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll[2012/08/16 11:38:05 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll[2012/08/16 11:38:05 | 000,492,032 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\win32spl.dll[2012/08/16 11:38:05 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe[2012/08/16 11:37:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll[2012/08/16 11:37:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll[2012/08/16 11:37:58 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll[2012/08/16 11:37:56 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll[2012/08/12 23:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech[2012/08/12 23:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech[2012/08/12 23:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech[2012/08/10 17:39:11 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys[2012/08/10 17:39:11 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys[2012/08/10 17:39:06 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll[2012/08/10 17:39:06 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys[2012/08/10 17:39:05 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll[2012/08/10 17:39:05 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys[2012/08/10 17:39:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe[2012/08/10 17:39:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe[2012/08/10 17:39:05 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys[2012/08/10 16:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET[2012/08/10 15:02:38 | 000,000,000 | ---D | C] -- 
C:\Windows\SysWow64\Wat[2012/08/10 15:02:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat[2012/08/10 14:20:05 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll[2012/08/10 14:20:05 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll[2012/08/10 14:20:05 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe[2012/08/10 14:20:05 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe[2012/08/10 14:20:05 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll[2012/08/10 14:20:05 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll[2012/08/10 14:20:05 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll[2012/08/10 14:20:05 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll[2012/08/10 14:18:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat[2012/08/10 14:18:10 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll[2012/08/10 14:18:10 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec[2012/08/10 14:18:10 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll[2012/08/10 14:18:10 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll[2012/08/10 14:18:10 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll[2012/08/10 14:18:10 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll[2012/08/10 14:18:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2012/08/10 14:18:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe[2012/08/10 14:18:10 | 000,074,752 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2012/08/10 14:18:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2012/08/10 14:18:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe[2012/08/10 14:18:10 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx[2012/08/10 14:18:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll[2012/08/10 14:18:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2012/08/10 14:18:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe[2012/08/10 14:18:09 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll[2012/08/10 14:18:09 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll[2012/08/10 14:18:09 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll[2012/08/10 14:18:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll[2012/08/10 14:18:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll[2012/08/10 14:18:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll[2012/08/10 14:18:09 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe[2012/08/10 14:18:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe[2012/08/10 14:18:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll[2012/08/10 14:18:09 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll[2012/08/10 14:18:09 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll[2012/08/10 14:18:09 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll[2012/08/10 14:18:09 | 
000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2012/08/10 14:18:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll[2012/08/10 14:18:09 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll[2012/08/10 14:18:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll[2012/08/10 14:18:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll[2012/08/10 14:18:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll[2012/08/10 14:18:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe[2012/08/10 14:18:08 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat[2012/08/10 14:18:08 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll[2012/08/10 14:18:08 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll[2012/08/10 14:18:08 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec[2012/08/10 14:18:08 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll[2012/08/10 14:18:08 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll[2012/08/10 14:18:08 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll[2012/08/10 14:18:08 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll[2012/08/10 14:18:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2012/08/10 14:18:08 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll[2012/08/10 14:18:08 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe[2012/08/10 14:18:08 | 000,089,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ie4uinit.exe[2012/08/10 14:18:08 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2012/08/10 14:18:08 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll[2012/08/10 14:18:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx[2012/08/10 14:18:08 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll[2012/08/10 14:18:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll[2012/08/10 14:18:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2012/08/10 14:18:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll[2012/08/10 14:18:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe[2012/08/10 14:18:07 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2012/08/10 14:18:07 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll[2012/08/10 14:18:07 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe[2012/08/10 14:18:07 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe[2012/08/10 14:09:00 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll[2012/08/10 14:09:00 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll[2012/08/10 14:09:00 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys[2012/08/10 11:53:51 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\PunkBuster[2012/08/10 11:53:43 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\Battlefield 3[2012/08/10 11:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins[2012/08/10 11:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core[2012/08/10 
11:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs[2012/08/10 03:36:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller[2012/08/10 03:34:58 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll[2012/08/10 03:34:58 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll[2012/08/10 03:34:58 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll[2012/08/10 03:34:58 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll[2012/08/10 03:34:58 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll[2012/08/10 03:34:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll[2012/08/10 03:34:57 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll[2012/08/10 03:34:57 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll[2012/08/10 03:34:57 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll[2012/08/10 03:34:57 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll[2012/08/10 03:34:57 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll[2012/08/10 03:34:57 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll[2012/08/10 03:34:56 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll[2012/08/10 03:34:56 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll[2012/08/10 03:34:56 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll[2012/08/10 03:34:56 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll[2012/08/10 03:34:55 | 000,530,776 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\XAudio2_6.dll[2012/08/10 03:34:55 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll[2012/08/10 03:34:55 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll[2012/08/10 03:34:55 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll[2012/08/10 03:34:54 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll[2012/08/10 03:34:54 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll[2012/08/10 03:34:54 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll[2012/08/10 03:34:54 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll[2012/08/10 03:34:54 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll[2012/08/10 03:34:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll[2012/08/10 03:34:52 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll[2012/08/10 03:34:52 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll[2012/08/10 03:34:52 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll[2012/08/10 03:34:52 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll[2012/08/10 03:34:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll[2012/08/10 03:34:52 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll[2012/08/10 03:34:51 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll[2012/08/10 03:34:51 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll[2012/08/10 03:34:51 | 001,892,184 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\D3DX9_42.dll[2012/08/10 03:34:51 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll[2012/08/10 03:34:51 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll[2012/08/10 03:34:51 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll[2012/08/10 03:34:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll[2012/08/10 03:34:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll[2012/08/10 03:34:51 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll[2012/08/10 03:34:51 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll[2012/08/10 03:34:50 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll[2012/08/10 03:34:50 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll[2012/08/10 03:34:50 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll[2012/08/10 03:34:50 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll[2012/08/10 03:34:50 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll[2012/08/10 03:34:50 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll[2012/08/10 03:34:49 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll[2012/08/10 03:34:49 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll[2012/08/10 03:34:49 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll[2012/08/10 03:34:49 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll[2012/08/10 03:34:49 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll[2012/08/10 
03:34:49 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll[2012/08/10 03:34:49 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll[2012/08/10 03:34:49 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll[2012/08/10 03:34:48 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll[2012/08/10 03:34:48 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll[2012/08/10 03:34:48 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll[2012/08/10 03:34:48 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll[2012/08/10 03:34:48 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll[2012/08/10 03:34:48 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll[2012/08/10 03:34:47 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll[2012/08/10 03:34:47 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll[2012/08/10 03:34:47 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll[2012/08/10 03:34:47 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll[2012/08/10 03:34:46 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll[2012/08/10 03:34:46 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll[2012/08/10 03:34:46 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll[2012/08/10 03:34:46 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll[2012/08/10 03:34:46 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll[2012/08/10 03:34:46 | 000,467,984 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll[2012/08/10 03:34:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll[2012/08/10 03:34:46 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll[2012/08/10 03:34:46 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll[2012/08/10 03:34:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll[2012/08/10 03:34:45 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll[2012/08/10 03:34:45 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll[2012/08/10 03:34:44 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll[2012/08/10 03:34:44 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll[2012/08/10 03:34:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll[2012/08/10 03:34:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll[2012/08/10 03:34:44 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll[2012/08/10 03:34:44 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll[2012/08/10 03:34:43 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll[2012/08/10 03:34:43 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll[2012/08/10 03:34:43 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll[2012/08/10 03:34:43 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll[2012/08/10 03:34:43 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll[2012/08/10 03:34:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- 
| 000,000,000 | ---D | C] -- C:\$AVG[2012/08/09 23:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG[2012/08/09 23:44:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files[2012/08/09 23:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData[2012/08/09 23:24:28 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\ATI[2012/08/09 23:24:28 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\ATI[2012/08/09 23:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI[2012/08/09 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT[2012/08/09 23:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD[2012/08/09 23:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP[2012/08/09 23:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies[2012/08/09 23:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies[2012/08/09 23:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center[2012/08/09 23:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies[2012/08/09 23:23:16 | 000,000,000 | -HSD | C] -- C:\Windows\Installer[2012/08/09 23:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI[2012/08/09 23:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies[2012/08/09 23:18:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM[2012/08/09 23:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek[2012/08/09 23:18:21 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll[2012/08/09 23:18:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll[2012/08/09 23:18:20 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll[2012/08/09 23:18:20 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll[2012/08/09 23:18:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) 
-- C:\Windows\SysNative\SRSWOW64.dll[2012/08/09 23:18:18 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll[2012/08/09 23:18:18 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll[2012/08/09 23:18:18 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl[2012/08/09 23:18:18 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll[2012/08/09 23:18:18 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll[2012/08/09 23:18:18 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll[2012/08/09 23:18:18 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll[2012/08/09 23:18:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll[2012/08/09 23:18:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll[2012/08/09 23:18:18 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll[2012/08/09 23:18:18 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll[2012/08/09 23:18:18 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll[2012/08/09 23:18:18 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll[2012/08/09 23:18:18 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll[2012/08/09 23:18:17 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll[2012/08/09 23:18:17 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll[2012/08/09 23:18:16 | 000,897,152 | ---- | C] (Creative Technology Ltd.) 
-- C:\Windows\SysNative\MBAPO64.dll[2012/08/09 23:18:16 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll[2012/08/09 23:18:16 | 000,626,304 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll[2012/08/09 23:18:16 | 000,561,792 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll[2012/08/09 23:18:15 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll[2012/08/09 23:18:15 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll[2012/08/09 23:18:15 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll[2012/08/09 23:18:14 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll[2012/08/09 23:18:12 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll[2012/08/09 23:18:12 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll[2012/08/09 23:18:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information[2012/08/09 23:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek[2012/08/09 23:18:11 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll[2012/08/09 23:18:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp[2012/08/09 23:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield[2012/08/09 23:06:27 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\ElevatedDiagnostics[2012/08/09 23:03:29 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\6305_Vista_PG537[2012/08/09 23:02:43 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\Vista64[2012/08/09 23:02:42 | 000,524,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\RtlExUpd.dll[2012/08/09 23:02:42 | 000,475,648 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Users\Compbro\Documents\AlcUpd64.exe[2012/08/09 23:02:42 | 000,316,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\alcrmv64.exe[2012/08/09 23:02:42 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\alcupd.exe[2012/08/09 23:02:42 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\alcrmv.exe[2012/08/09 23:02:42 | 000,126,976 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\alcrmv9x.exe[2012/08/09 23:02:42 | 000,121,064 | ---- | C] (Macrovision Corporation) -- C:\Users\Compbro\Documents\setup.exe[2012/08/09 23:02:42 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\Vista[2012/08/09 23:02:42 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\CONFIG[2012/08/09 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\WinRAR[2012/08/09 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR[2012/08/09 23:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR[2012/08/09 23:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR[2012/08/09 22:58:22 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome[2012/08/09 22:57:41 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Google[2012/08/09 22:57:25 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Apps[2012/08/09 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Deployment[2012/08/09 22:45:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll[2012/08/09 22:45:16 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll[2012/08/09 22:45:15 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll[2012/08/09 22:45:15 | 000,826,368 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\rdpcore.dll[2012/08/09 17:00:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther[2012/08/09 16:51:43 | 000,000,000 | ---D | C] -- C:\Windows.old[2012/08/09 16:25:35 | 000,000,000 | R--D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup[2012/08/09 16:25:35 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Searches[2012/08/09 16:25:35 | 000,000,000 | R--D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools[2012/08/09 16:25:35 | 000,000,000 | -H-D | C] -- C:\Users\Compbro\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned[2012/08/09 16:25:26 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Identities[2012/08/09 16:25:22 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Contacts[2012/08/09 16:25:19 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\VirtualStore[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\AppData\Local\Temporary Internet Files[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Templates[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Start Menu[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\SendTo[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Recent[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\PrintHood[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\NetHood[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Documents\My Videos[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Documents\My Pictures[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Documents\My Music[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\My Documents[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Local Settings[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\AppData\Local\History[2012/08/09 16:24:54 | 000,000,000 
| -HSD | C] -- C:\Users\Compbro\Cookies[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Application Data[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\AppData\Local\Application Data[2012/08/09 16:24:52 | 000,000,000 | --SD | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Pictures[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Music[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Links[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Favorites[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Downloads[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Documents[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Desktop[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories[2012/08/09 16:24:52 | 000,000,000 | -H-D | C] -- C:\Users\Compbro\AppData[2012/08/09 16:24:52 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Temp[2012/08/09 16:24:52 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Microsoft[2012/08/09 16:24:52 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Media Center Programs[2012/08/09 16:24:51 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Videos[2012/08/09 16:24:51 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Saved Games[2012/08/09 16:23:35 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll[2012/08/09 16:23:35 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe[2012/08/09 16:23:35 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll[2012/08/09 16:23:26 | 000,701,976 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\wuapi.dll[2012/08/09 16:23:26 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll[2012/08/09 16:23:26 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll[2012/08/09 16:23:17 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll[2012/08/09 16:23:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe[2012/08/09 16:04:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution[2012/08/09 16:01:52 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch[2012/08/09 13:17:50 | 000,000,000 | ---D | C] -- C:\AMD[2012/08/08 15:35:17 | 000,000,000 | ---D | C] -- C:\Recovery[2012/08/08 14:53:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
howtodumb Posted August 18, 2012 Author ID:587132
========== Files - Modified Within 30 Days ==========[2012/08/18 16:45:58 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Compbro\Desktop\OTL.exe[2012/08/18 16:40:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/08/18 16:40:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/08/18 16:40:01 | 2146,684,927 | -HS- | M] () -- C:\hiberfil.sys[2012/08/18 16:39:10 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/08/18 16:39:10 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/08/18 16:33:07 | 004,735,580 | R--- | M] (Swearware) -- C:\Users\Compbro\Desktop\ComboFix.exe[2012/08/18 16:31:49 | 104,295,870 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm[2012/08/18 05:07:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001UA.job[2012/08/18 03:36:25 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr[2012/08/18 03:36:25 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/08/18 03:36:01 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0[2012/08/17 23:07:05 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001Core.job[2012/08/17 22:20:21 | 000,001,264 | ---- | M] () -- C:\Users\Compbro\Desktop\Revo Uninstaller.lnk[2012/08/17 15:57:10 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/08/17 15:57:10 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/08/17 15:57:10 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/08/17 15:57:02 | 000,771,962 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/08/17 14:54:24 | 000,002,453 | 
---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk[2012/08/16 22:35:28 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2012/08/16 17:39:58 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk[2012/08/16 17:38:40 | 000,000,009 | ---- | M] () -- C:\END[2012/08/16 17:37:29 | 000,002,461 | ---- | M] () -- C:\Users\Compbro\Desktop\Google Chrome.lnk[2012/08/16 17:30:12 | 000,032,888 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm[2012/08/11 21:06:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf[2012/08/11 21:06:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf[2012/08/10 15:08:09 | 000,001,437 | ---- | M] () -- C:\Users\Compbro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2012/08/10 14:18:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat[2012/08/10 14:18:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll[2012/08/10 14:18:10 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec[2012/08/10 14:18:10 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll[2012/08/10 14:18:10 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll[2012/08/10 14:18:10 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll[2012/08/10 14:18:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll[2012/08/10 14:18:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2012/08/10 14:18:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe[2012/08/10 14:18:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2012/08/10 14:18:10 | 000,074,752 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2012/08/10 14:18:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe[2012/08/10 14:18:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf[2012/08/10 14:18:10 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx[2012/08/10 14:18:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll[2012/08/10 14:18:10 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2012/08/10 14:18:10 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe[2012/08/10 14:18:09 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll[2012/08/10 14:18:09 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll[2012/08/10 14:18:09 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll[2012/08/10 14:18:09 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll[2012/08/10 14:18:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll[2012/08/10 14:18:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll[2012/08/10 14:18:09 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe[2012/08/10 14:18:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe[2012/08/10 14:18:09 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll[2012/08/10 14:18:09 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll[2012/08/10 14:18:09 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll[2012/08/10 14:18:09 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll[2012/08/10 14:18:09 | 000,089,088 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2012/08/10 14:18:09 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll[2012/08/10 14:18:09 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll[2012/08/10 14:18:09 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll[2012/08/10 14:18:09 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll[2012/08/10 14:18:09 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll[2012/08/10 14:18:09 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe[2012/08/10 14:18:08 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat[2012/08/10 14:18:08 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll[2012/08/10 14:18:08 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll[2012/08/10 14:18:08 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec[2012/08/10 14:18:08 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll[2012/08/10 14:18:08 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll[2012/08/10 14:18:08 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll[2012/08/10 14:18:08 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll[2012/08/10 14:18:08 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2012/08/10 14:18:08 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll[2012/08/10 14:18:08 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe[2012/08/10 14:18:08 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2012/08/10 14:18:08 | 
000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2012/08/10 14:18:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll[2012/08/10 14:18:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx[2012/08/10 14:18:08 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf[2012/08/10 14:18:08 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll[2012/08/10 14:18:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll[2012/08/10 14:18:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2012/08/10 14:18:08 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll[2012/08/10 14:18:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe[2012/08/10 14:18:07 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2012/08/10 14:18:07 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll[2012/08/10 14:18:07 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe[2012/08/10 14:18:07 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe[2012/08/10 11:58:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe[2012/08/10 03:36:20 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk[2012/08/09 23:59:49 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk[2012/08/09 23:48:45 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk[2012/08/09 23:48:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm[2012/08/09 23:48:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm[2012/08/09 22:47:05 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin[2012/08/09 16:04:46 | 000,042,045 | 
---- | M] () -- C:\Windows\SysWow64\license.rtf[2012/08/09 16:04:46 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf[2012/08/09 16:03:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf========== Files Created - No Company Name ==========[2012/08/18 16:31:49 | 104,295,870 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm[2012/08/18 04:57:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/08/18 04:57:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/08/18 04:57:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/08/18 04:57:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/08/18 04:57:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/08/17 22:20:21 | 000,001,264 | ---- | C] () -- C:\Users\Compbro\Desktop\Revo Uninstaller.lnk[2012/08/17 14:54:15 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk[2012/08/17 14:52:13 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/08/16 17:39:58 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk[2012/08/16 17:38:40 | 000,000,009 | ---- | C] () -- C:\END[2012/08/16 17:30:12 | 000,032,888 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm[2012/08/11 21:06:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf[2012/08/11 21:06:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf[2012/08/10 14:18:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf[2012/08/10 14:18:08 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf[2012/08/10 11:53:54 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr[2012/08/10 03:36:20 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk[2012/08/10 03:35:40 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/08/10 03:35:40 | 000,280,904 | ---- | C] () -- 
C:\Windows\SysWow64\PnkBstrB.ex0[2012/08/10 03:35:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe[2012/08/09 23:59:49 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk[2012/08/09 23:48:45 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk[2012/08/09 23:48:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm[2012/08/09 23:48:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm[2012/08/09 23:18:18 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT[2012/08/09 23:02:42 | 002,319,913 | ---- | C] () -- C:\Users\Compbro\Documents\data1.cab[2012/08/09 23:02:42 | 000,553,805 | ---- | C] () -- C:\Users\Compbro\Documents\engine32.cab[2012/08/09 23:02:42 | 000,456,860 | ---- | C] () -- C:\Users\Compbro\Documents\setup.ibt[2012/08/09 23:02:42 | 000,351,586 | ---- | C] () -- C:\Users\Compbro\Documents\setup.inx[2012/08/09 23:02:42 | 000,250,296 | ---- | C] () -- C:\Users\Compbro\Documents\setup.isn[2012/08/09 23:02:42 | 000,110,592 | ---- | C] () -- C:\Users\Compbro\Documents\alcchkid.exe[2012/08/09 23:02:42 | 000,049,152 | ---- | C] () -- C:\Users\Compbro\Documents\ChCfg.exe[2012/08/09 23:02:42 | 000,040,448 | ---- | C] () -- C:\Users\Compbro\Documents\GETDXVER.EXE[2012/08/09 23:02:42 | 000,031,388 | ---- | C] () -- C:\Users\Compbro\Documents\ALCXDEV.EXE[2012/08/09 23:02:42 | 000,027,061 | ---- | C] () -- C:\Users\Compbro\Documents\data1.hdr[2012/08/09 23:02:42 | 000,023,552 | ---- | C] () -- C:\Users\Compbro\Documents\SetCDfmt.exe[2012/08/09 23:02:42 | 000,002,826 | ---- | C] () -- C:\Users\Compbro\Documents\setup.ini[2012/08/09 23:02:42 | 000,000,534 | ---- | C] () -- C:\Users\Compbro\Documents\setup.iss[2012/08/09 23:02:42 | 000,000,512 | ---- | C] () -- C:\Users\Compbro\Documents\data2.cab[2012/08/09 23:02:42 | 000,000,473 | ---- | C] () -- C:\Users\Compbro\Documents\layout.bin[2012/08/09 23:02:42 | 000,000,136 | ---- | C] () -- 
C:\Users\Compbro\Documents\SetupEx.ini[2012/08/09 22:58:24 | 000,002,461 | ---- | C] () -- C:\Users\Compbro\Desktop\Google Chrome.lnk[2012/08/09 22:57:42 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001UA.job[2012/08/09 22:57:41 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001Core.job[2012/08/09 22:56:41 | 000,001,437 | ---- | C] () -- C:\Users\Compbro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2012/08/09 22:47:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2012/08/09 16:25:45 | 000,001,409 | ---- | C] () -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk[2012/08/09 16:25:39 | 000,001,443 | ---- | C] () -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk[2012/08/09 16:24:52 | 000,000,290 | ---- | C] () -- C:\Users\Compbro\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk[2012/08/09 16:24:52 | 000,000,272 | ---- | C] () -- C:\Users\Compbro\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk[2012/08/09 16:04:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk[2012/08/09 16:04:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk[2012/08/09 16:03:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf[2012/08/08 14:53:48 | 2146,684,927 | -HS- | C] () -- C:\hiberfil.sys[2012/06/11 11:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat[2012/06/11 11:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- 
C:\Windows\SysWow64\atipblag.dat========== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat[2012/08/18 16:44:52 | 000,020,940 | ---- | M] () -- C:\ComboFix.txt[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys[2012/08/16 17:38:40 | 000,000,009 | ---- | M] () -- C:\END[2012/08/18 16:40:01 | 2146,684,927 | -HS- | M] () -- C:\hiberfil.sys[2012/08/18 16:40:01 | 4293,902,335 | -HS- | M] () -- C:\pagefile.sys[2012/08/17 22:35:17 | 000,126,416 | ---- | M] () -- C:\TDSSKiller.2.8.6.0_17.08.2012_22.33.25_log.txt< %systemroot%\*. /mp /s >< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >< End of report >
howtodumb Posted August 18, 2012 Author ID:587133
OTL Extras logfile created on: 8/18/2012 4:46:55 PM - Run 1OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\Compbro\Desktop64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy8.00 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 81.74% Memory free16.00 Gb Paging File | 14.59 Gb Available in Paging File | 91.18% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 74.41 Gb Total Space | 20.17 Gb Free Space | 27.10% Space Free | Partition Type: NTFSDrive D: | 100.00 Mb Total Space | 76.24 Mb Free Space | 76.25% Space Free | Partition Type: NTFSDrive E: | 1862.92 Gb Total Space | 1862.66 Gb Free Space | 99.99% Space Free | Partition Type: NTFSComputer Name: COMPBRO-PC | User Name: Compbro | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft 
Corporation)inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft 
Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1========== Authorized 
Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0BFFE11B-99E5-4DC3-A0CF-EF333D66DDDC}" = lport=139 | protocol=6 | dir=in | app=system | "{11DBF735-0FC2-4009-BD40-405DAA919352}" = lport=445 | protocol=6 | dir=in | app=system | "{25FEF3DC-7012-43EC-9EC4-531995365CF8}" = rport=445 | protocol=6 | dir=out | app=system | "{3E2FAECD-FD50-4E76-81E3-9C3434EA44A9}" = lport=10243 | protocol=6 | dir=in | app=system | "{3FCE25D7-3D3A-417B-B861-A2CC61DE643A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{413B8FC6-8A6C-4813-96AD-7E1D3CE4E464}" = rport=138 | protocol=17 | dir=out | app=system | "{4DC8178F-87A2-491D-A903-C06E707BF893}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{54DB3C91-D1B5-48A2-A0FE-FB13F540B085}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{58AA5678-B2E0-4FFD-9114-3A2AC8DC7E6E}" = rport=10243 | protocol=6 | dir=out | app=system | "{5C2392DB-C39D-4557-BEDF-917D46141E2F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{75FE4866-9082-4D8D-A10F-D361F6415EAC}" = lport=138 | protocol=17 | dir=in | app=system | "{87D85696-3E13-49F6-8BDD-70EFD43AD7A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9363C64A-59C0-46C3-8977-FC034E9CC2D0}" = rport=137 | protocol=17 | dir=out | app=system | "{A295321F-EF36-42A0-938B-29D0124330FE}" = lport=2869 | protocol=6 | dir=in | app=system | "{BAC7667E-2785-42A2-ADCC-95F13EC4FA72}" = lport=5355 | 
protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BAC86444-0013-4DDA-BB8E-39F75AE13838}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C5961AB4-D06C-454C-89F5-9118211651AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C8A1D39E-8023-44A3-B8A1-08659F014780}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DC70A9D3-0A17-4D50-B0DA-1F19A10B63E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E6678373-E443-4010-B297-1E724BE2A6B8}" = rport=139 | protocol=6 | dir=out | app=system | "{FCFE55D4-47AB-4D0D-B916-CA9CBB681B67}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0D211C91-D991-47A5-A229-2269E7E96712}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{1E22F423-8234-42E8-8AE3-5FE7127A15C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{1F6B6700-5138-45EB-8398-3155E6D50D00}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2529F34F-566E-4B69-97AB-B183C057AB9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3F69450D-20CF-4503-9508-89A09BFADB5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{49A18BD0-1E7C-4F93-A3AC-FD1E6E23F009}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4F875974-6E5F-43FD-BFC6-DE59D1977EDA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54998103-8713-4A42-B20C-ABB523623849}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{590E92E6-DD90-4E76-B7C3-B53403D4059A}" = protocol=6 | dir=in | app=c:\program files 
(x86)\origin games\battlefield 3\bf3.exe | "{59623C5E-54C0-4D30-9ED6-679FE8194C31}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{63BFF2FB-DAFF-440D-A9A0-B74AF4393D73}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{6472494E-962F-49AD-93EF-B21111660923}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C78B54B-9C3A-4350-956D-34D5937B770F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7D6ACDA8-C3E6-4046-B3E1-364EB44FDE15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{80A39FEA-0F0B-4745-AE75-822DD960D57E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8594CB60-55DA-4FEB-AA85-454B04587A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{90AB4EDE-6946-407C-81D8-1B2D4322A9C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{92A4F0BE-AA40-4E68-9571-6BDD52405B1B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{96009D92-1BD6-4CE7-A8D7-1E92AA61DB98}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{9E1D344D-B6AE-494D-8F48-AC6B1A636DCC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{B128D9CE-E685-46B0-8684-227415D66871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B2675CF9-2BB5-4E1F-8F74-BDAD129974ED}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{B5F8002A-B50F-4CCB-B9A1-89C52A2030AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C10FBB44-AED8-4559-A987-CB424D4F344B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBDC6E71-FC48-4227-AEA1-A80F4D5CB354}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DA01CC61-A287-43A1-80F4-A6D0FFF66CF3}" = protocol=17 | dir=in | 
app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{DACEBA01-34FA-48F3-8AB4-C7D4FD2A6761}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DB2CE32E-442D-455F-8C34-5224EDFF616C}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{DF971F58-84A9-4BCB-8E95-9B1854321418}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E1591A70-49E8-403B-B18A-C4C85873BD90}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{E574B053-9219-48B1-ADA5-A4779E53E042}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E970AA54-FCB6-45AE-81AE-9C49BE302F31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EAB4A534-2F93-467F-BEFD-E412394CDF0E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F0A11CC4-8C52-4EFB-92A4-C151B914A4D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{F40EC78E-7581-4CA1-A054-CCABFDA907B0}" = protocol=6 | dir=out | app=system | ========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{12D93D02-3C15-DF08-581F-52E4A1EB0A3D}" = AMD Drag and Drop Transcoding"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = 
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"AVG" = AVG 2012"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"WinRAR archiver" = WinRAR 4.20 (64-bit)[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help 
Finnish"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All"Battlelog Web Plugins" = Battlelog Web Plugins"ESN Sonar-0.70.4" = ESN Sonar"Origin" = Origin"Picasa 3" = Picasa 3"PunkBusterSvc" = PunkBuster Services"Revo Uninstaller" = Revo Uninstaller 1.94"Seagate File Recovery for WindowsNSIS" = Seagate File Recovery for Windows 2.0========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Google Chrome" = Google Chrome========== Last 20 Event Log Errors ==========[ Application Events ]Error - 8/10/2012 12:59:41 AM | Computer Name = Compbro-PC | Source = Windows Installer 3.1 | ID = 921877Description = Error - 8/10/2012 4:04:23 PM | Computer Name = Compbro-PC | Source = Application Error | ID = 1000Description = Faulting application name: mscorsvw.exe, version: 2.0.50727.4927, time stamp: 0x4a275ab4 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x74916a34 Faulting process id: 0xbec Faulting application start time: 0x01cd7733487fe51a Faulting application path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Faulting module path: unknown Report Id: 93dc598d-e326-11e1-afc8-002564843ccbError - 8/10/2012 4:04:25 PM | Computer Name = 
Compbro-PC | Source = Application Error | ID = 1000Description = Faulting application name: PnkBstrA.exe, version: 0.0.0.0, time stamp: 0x4f144d4e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005 Fault offset: 0x74916a34 Faulting process id: 0x724 Faulting application start time: 0x01cd7732fb3fbcb5 Faulting application path: C:\Windows\SysWOW64\PnkBstrA.exeFaulting module path: unknown Report Id: 9530be54-e326-11e1-afc8-002564843ccbError - 8/10/2012 4:04:30 PM | Computer Name = Compbro-PC | Source = Application Error | ID = 1000Description = Faulting application name: ToolbarUpdater.exe, version: 12.2.0.5, time stamp: 0x501a9284 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x74916a34 Faulting process id: 0x7a0 Faulting application start time: 0x01cd7732fbb46023 Faulting application path: C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exeFaulting module path: unknown Report Id: 982a76ac-e326-11e1-afc8-002564843ccbError - 8/16/2012 6:57:14 PM | Computer Name = Compbro-PC | Source = Application Hang | ID = 1002Description = The program PicasaPhotoViewer.exe version 3.9.135.93 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: fa4 Start Time: 01cd7c0257ec0d13 Termination Time: 0 Application Path: C:\Program Files\Picasa3\PicasaPhotoViewer.exeReport Id: ad534faf-e7f5-11e1-b5c9-002564843ccb Error - 8/16/2012 6:59:04 PM | Computer Name = Compbro-PC | Source = Application Hang | ID = 1002Description = The program PicasaPhotoViewer.exe version 3.9.135.93 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 424 Start Time: 01cd7c02829073bb Termination Time: 15 Application Path: C:\Program Files\Picasa3\PicasaPhotoViewer.exeReport Id: f5f20acb-e7f5-11e1-b5c9-002564843ccb Error - 8/16/2012 11:59:56 PM | Computer Name = Compbro-PC | Source = Application Hang | ID = 1002Description = The program Explorer.EXE version 6.1.7600.16768 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ac4 Start Time: 01cd7c2964f62846 Termination Time: 60000 Application Path: C:\Windows\Explorer.EXEReport Id: d4558c00-e81f-11e1-a3b6-002564843ccb [ System Events ]Error - 8/18/2012 6:01:28 AM | Computer Name = Compbro-PC | Source = Application Popup | ID = 1060Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error - 8/18/2012 6:01:29 AM | Computer Name = Compbro-PC | Source = Application Popup | ID = 1060Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error - 8/18/2012 6:01:52 AM | Computer Name = Compbro-PC | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. 
This service may not function properly.
Error - 8/18/2012 6:03:12 AM | Computer Name = Compbro-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error: %%126
Error - 8/18/2012 5:29:26 PM | Computer Name = Compbro-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80004004: Update for Windows 7 for x64-based Systems (KB2505438).
Error - 8/18/2012 5:34:43 PM | Computer Name = Compbro-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error - 8/18/2012 5:34:43 PM | Computer Name = Compbro-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error - 8/18/2012 5:37:07 PM | Computer Name = Compbro-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error - 8/18/2012 5:39:03 PM | Computer Name = Compbro-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error - 8/18/2012 5:40:20 PM | Computer Name = Compbro-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error: %%126
< End of report >
TheDarkKnight Posted August 18, 2012 ID:587161
Hey howtodumb.
WhiteSmoke still present unfortunately. Here are the logs. ComboFix first then OTL.
Thank you for the logs. I believe I have found the last remnants of WhiteSmoke.
Please run OTL.exe.
Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\Users\Compbro\AppData\Local\Conduit
:OTL
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3244149
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/np-cwmp.dll
CHR - Extension: WhiteSmoke US New = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:Commands
[EmptyTemp]
[EMPTYFLASH]
[Reboot]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Is WhiteSmoke still present?
howtodumb Posted August 19, 2012 Author ID:587339
WhiteSmoke toolbar is no longer present! Thank you so much for your time!
All processes killed
========== FILES ==========
C:\Users\Compbro\AppData\Local\Conduit folder moved successfully.
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll moved successfully.
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/np-cwmp.dll moved successfully.
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\_locales\en folder moved successfully.
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\_locales folder moved successfully.
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\toolbarImages folder moved successfully.
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\sl folder moved successfully.
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\lib\jquery.alerts folder moved successfully.
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\lib folder moved
successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\core folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\WEATHER\js folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\WEATHER\css folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\WEATHER folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER\resources folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER\js folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER\img folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_POPUP\js folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_POPUP folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_EMBEDDED folder 
moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\js folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view\style folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view\script folder moved successfully.C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view folder moved 
successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compbro
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5819463 bytes
->Google Chrome cache emptied: 224900410 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70774853 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46396021 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 332.00 mb

[EMPTYFLASH]

User: All Users
User: Compbro
User: Default
User: Default User
User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.58.0 log created on 08192012_115537

Files\Folders moved on Reboot...
C:\Users\Compbro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Compbro\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
TheDarkKnight Posted August 19, 2012 ID:587423

Hey howtodumb.

"WhiteSmoke toolbar is no longer present! Thank you so much for your time!"

Great! Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
howtodumb Posted August 21, 2012 Author ID:587990

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ce0b3613ab14034b9bcee4d6c472b277
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-20 09:28:47
# local_time=2012-08-20 04:28:47 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 436 436 0 0
# compatibility_mode=5893 16776574 100 94 2967 97039527 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=193730
# found=1
# cleaned=0
# scan_time=2049
C:\Users\Compbro\Downloads\winrar setup.exe a variant of Win32/Soft32Downloader.B application (unable to clean) 00000000000000000000000000000000 I
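A check a helper could run on a log like the one above before relying on it, added here as an example and not part of the original thread: it reads the "# key=value" header, confirms the scan finished with the two options set as requested, and compares the found counter with the detection lines. The names parse_eset_log and review, the mapping of the two options to remove_checked and unwanted_checked, the tab-separated detection fields, and the sample path are assumptions of this example.

```python
import re

# Constructed sample in the layout of the log.txt posted above; the path is
# made up, and tab-separated detection fields are an assumption of this example.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# country="United States"
# compatibility_mode=1024 16777215 100 0 436 436 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=193730
# found=1
# cleaned=0
# scan_time=2049
C:\\Users\\Example\\Downloads\\example setup.exe\ta variant of Win32/Soft32Downloader.B application (unable to clean)\t00000000000000000000000000000000\tI
"""

# Assumed mapping of the helper's two options to log keys:
#   "Remove found threats" unchecked      -> remove_checked=false
#   "Scan unwanted applications" checked  -> unwanted_checked=true
EXPECTED = {"remove_checked": "false", "unwanted_checked": "true"}

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_eset_log(text):
    """Return (settings, detections); repeated header keys keep every value."""
    settings, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            value = header.group(2).strip().strip('"')
            settings.setdefault(header.group(1), []).append(value)
        elif PATH_RE.match(line):
            # A forum paste may have lost the tabs; then only "raw" is reliable.
            fields = [f.strip() for f in line.split("\t")]
            detections.append({
                "path": fields[0] if len(fields) > 1 else "",
                "threat": fields[1] if len(fields) > 1 else "",
                "raw": line,
            })
    return settings, detections


def _last(settings, key):
    values = settings.get(key)
    return values[-1] if values else None


def _count(settings, key):
    value = _last(settings, key)
    return int(value) if value is not None and value.isdigit() else None


def review(text, expected=EXPECTED):
    """List what a helper should question before trusting the scan result."""
    settings, detections = parse_eset_log(text)
    problems = []
    if _last(settings, "end") != "finished":
        problems.append("scan did not run to completion")
    for key, want in expected.items():
        got = _last(settings, key)
        if got != want:
            problems.append(f"{key}={got}, expected {want}")
    found, cleaned = _count(settings, "found"), _count(settings, "cleaned")
    if found is None or cleaned is None:
        problems.append("found/cleaned counters missing")
    elif found != len(detections):
        problems.append(f"found={found} but {len(detections)} detection lines")
    left = found - cleaned if None not in (found, cleaned) else None
    return {"problems": problems, "detections": detections, "left_on_disk": left}


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

A non-zero left_on_disk with remove_checked=false is the expected outcome of a report-only scan: the file is still present and has to be handled by hand.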
TheDarkKnight Posted August 21, 2012 ID:587991

Good afternoon howtodumb.

Please navigate to this file and delete it:

C:\Users\Compbro\Downloads\winrar setup.exe

Then, please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
howtodumb Posted August 21, 2012 Author ID:588002

Results of screen317's Security Check version 0.99.46
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome 21.0.1180.79
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
TheDarkKnight Posted August 21, 2012 ID:588011

Hey howtodumb.

Please do the following update. Your version of Windows is out of date and by updating to the latest Service Pack you will minimise the risk of future infections through security patches and fixes.

Service Pack 1 (SP1) is an extremely important update for Windows 7 and will help reduce the chance of an infection. I strongly recommend you install this update.

Please open Internet Explorer and follow the instructions below to update Windows:

Go to this link: Windows Update
Download all the Critical updates, making sure you have selected SP1
Once they have been installed, please revisit Windows Update and select any further Critical updates.

Note: It will be necessary for you to restart the computer during the updates, and return to the Windows Update site several times before all critical updates are installed.

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections.

==========

I also notice that your hard drive is heavily defragmented. This can lead to slower speeds on your computer. I recommend trying one of these free defragmenting programs:

Defraggler or Auslogics Disk Defrag

==========

Did the update install with no problems? Are there any remaining issues on your computer?
howtodumb Posted August 21, 2012 Author ID:588235

Updates were installed successfully and I used Defraggler to defrag the drive. Unfortunately the drive is still 26% fragmented. Everything seems to be running well!
TheDarkKnight Posted August 21, 2012 ID:588341

Hello howtodumb.

Glad to hear your computer is running fine!

"Unfortunately the drive is still 26% fragmented."

You may need to defrag it again since it was reasonably defragmented the first time.

You could try running the defrag tool on Windows and see if it does any better:

http://windows.micro...-your-hard-disk

==========

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

==========

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
howtodumb Posted August 22, 2012 Author ID:588860

Thank you so much for your help! I thought this was just another internet forum when I stumbled upon it, but I can see now that malwarebytes.org is teeming with experts on computer security. Again, thank you!
Maurice Naggar Posted August 23, 2012 ID:589024

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!